Electronic Commerce (EC) is expected to be essential for an organization's survival and growth in the future. In an EC environment, an organization's internal systems and processes no longer operate in isolation from each other; they must be linked together and exchange information and transactions in ways that were unanticipated in the traditional environment.
Strong demand for the Internet and EC is surging out of the fast-changing IT environment. Data integrity and confidentiality are more indispensable for the Internet and EC than for traditional systems, because the Internet is an open network. However, the level of risk analysis and security control for the Internet and EC lags far behind the demand.
The traditional approach to information system security was based on the assumption that security would be applied to mainframe computers. However, a new approach to security is required in the fast-changing environment, which has different requirements for network connectivity.
Risk analysis is the process of examining the threats facing IT assets and the vulnerabilities of these assets to those threats. Risk analysis enables an organization to understand the value of the IT assets to be secured and to find security holes in a cost-effective manner.
Despite the benefits of performing risk analysis, several factors cause this process to be viewed negatively. Risk analysis is regarded as time-consuming and costly. The traditional process of risk analysis is not able to handle the contingencies of an organization.
A Case-Based Reasoning (CBR) system solves new problems by recalling and adapting previous solutions. CBR is therefore useful for tasks that use ill-defined predicates, lead to inconsistent outcomes, and have incomplete rules to apply [Morris 94].
This study proposes a CBR methodology designed to evaluate the risk of an organization in an EC environment. The methodology in...